New York: Facebook has said that it has stopped most of the spam that has flooded many users’ pages with pictures showing graphic sex and violence.
The social-networking company urged its 800 million-plus users yesterday to remain vigilant to keep their accounts from being hijacked.
That includes reporting suspicious links on friends’ pages and not clicking on links that offer deals that are too good to be true.
Social-networking sites are popular targets for spammers because people are more likely to trust and share content that comes from people they know. This makes spam, scams and viruses easy to spread.
Still, Facebook says less than 4 percent of content shared on the site is spam. By comparison, about 74 percent of email is spam, according to security firm Symantec, though the bulk gets filtered out before reaching the inbox.
Over the past couple of days, many users have complained about finding links on their Facebook pages taking them to images depicting jarring violence and graphic pornography.
Although the way the latest spam messages spread isn’t new, their content is more shocking than the typical scam enticing users with a free iPod shuffle.
The latest attack tricked users into clicking on links by offering some sort of promise — free plane tickets, a fun new video or answers to a quiz, for example, said Vikram Thakur, principal security response manager at Symantec.
Clicking on the link took users to a page that asked them to copy and paste a line of malicious JavaScript programming code into the address bar of their Web browser.
“Pasting that little message will pick up a message or picture from whatever website the JavaScript is posting to,” Thakur said, adding that it doesn’t matter what type of browser people use.
The content is then posted on the users’ Facebook page, usually without their knowledge. It spreads further when their friends then click on those links, thinking that it was posted by the user on purpose.
Facebook said no user data or accounts were compromised during the attack.
It urged users not to cut and paste unknown code into a browser’s address bar. They should always use an up-to-date browser and report any suspicious content on the site.
“Our team responded quickly and we have eliminated most of the spam caused by this attack,” Facebook said in a statement. “We are now working to improve our systems to better defend against similar attacks in the future.”
In a recent statement, Facebook added: “During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”
Overall, Facebook is known to deal quite aggressively with spammers, and if past examples are any indicator, the spammers had better be prepared to cough up big sums of money.